Menu

An update on default_password_lifetime

With MySQL 5.7, our goal is to be secure by default. This means that without having to change configuration settings or perform any additional steps, your fresh installation should be safe for production use.

As part of this security initiative, MySQL 5.7 shipped with a new feature where user accounts will be disabled if the password has not been changed in a number of days. This is configurable on either a per-user or global basis. The default global expiry was set to 360 days (configurable via default_password_lifetime).

Changes in 5.7.11

We received feedback that the default expiry policy is surprising for users upgrading from a previous release of MySQL. We agree, and in response the default has been changed to zero, as of MySQL 5.7.11.

This means that password expiry will not be in-force by default. We do however encourage users to change this to align with their organization’s password policies.

The Future

We do continue to see value in setting a value of default_password_lifetime to greater than zero, as this offers improved protection against legacy user accounts being used to compromise a server.

That is to say that we may look at changing the new 5.7.11 default of zero, to a non-zero version in a future major release. We encourage feedback as to how we could make this transition less surprising. I have created feature requests (Bug #79939, Bug #79959) for a startup warning, and a SYS view. There is still room for additional suggestions.

Post navigation

3 thoughts on “An update on default_password_lifetime”

I’ve been a MySQL DBA since 2009 and I’ve had a harder than hell time getting 5.7 up and running. I’m someone with experience who has setup multiple versions of MySQL on different architectures and OSes. I’ve compiled MySQL from source. I legitimately fear this may be the end for MySQL. I’m very saddened by this and I wanted to take a moment to tell you why I think that is.

I think the goals you’ve set are good (“security by default”), but I fear you’re missing the point. The one thing that makes MySQL so much more popular than other databases is “Frictionless”. Something being “Frictionless” means you can use your package manager to install something and “It Just Works”. Period. No GUIs, no prompts, no mucking around with configuration files. The product has to be installed, running, and usable within 60 seconds or the people that matter, the developers, are going to go in a different direction.

Imagine you recently bought a cell phone. Imagine that same cell phone had a link to a 20 page manual that told you how to use it. Would you even bother to read it?

Please, please, please – for the love of all that’s good – please think about how to make MySQL frictionless, and then try to install 5.7 on Ubuntu. If you get a single prompt, quit. Then you’ll really understand how developers will start viewing the changes that have been made to MySQL. They don’t care about anything else other than a frictionless installation and simplicity of use. They don’t have time for anything else.

To be completely clear, get rid of all installation prompts. Get rid of everything that gets in the way of doing a seamless installation. Don’t break things that are already working. Make it such that a user can install MySQL and begin using it moments later. Anything else, no matter how laudable, will kill MySQL for good. I have to admit there are other open source databases that are “good enough” and won’t inflict pain. Sadly at my workplace, people have begun discussing moving to either Postgres or MariaDB. I’m trying to stave them off, but I’m losing the battle.

It will only ask which question, which is which version of MySQL you want to install.

Note: What you are describing sounds like an issue I encountered when I installed the repo on an older version of Ubuntu but did not ‘apt-get update’ before installing. This then installed the distro 5.5, which asks additional questions, and meant that when I did install 5.7 I was performing a 2 version upgrade (not supported).